[cisco-nas] Vlan assignment with Cisco 2950 & IAS: What is the correct format for the radius attributs ?

CONTRERAS Sébastien sebastien_contreras at hotmail.com
Fri Jul 9 02:42:24 EDT 2004 

Yes.

The IOS version is 12.1(19)EIa

The Tunnel-Type, Tunnel-Medium-Type and Tunnel-Pvt-Group-ID attribut must be linked by a common tag value ? Or not ?

If yes, how to create this tag with IAS ?

I have also seen that the first attribut sent by IAS is the attribute 65 (Tunnel-Medium-Type).
I think the first attribut to be sent by IAS should be the 64 (Tunnel-Type) and then only, the 65 and the 81, but I can't order the way IAS send the attributes.
IAS always send 65, then 81, then 64.
The order the 2950 receive the attribut is important ?

The value of Tunnel-Pvt-Group-ID must be a string?

  ----- Original Message ----- 
  From: MIHI 
  To: 'CONTRERAS Sébastien' ; cisco-nas at puck.nether.net 
  Sent: Friday, July 09, 2004 8:24 AM
  Subject: RE: [cisco-nas] Vlan assignment with Cisco 2950 & IAS: What is the correct format for the radius attributs ?


  Hello,

   

  Is your 2950 EI? 

  Only EI models support VLAN assignment.

   

  Marton

   


------------------------------------------------------------------------------

  From: cisco-nas-bounces at puck.nether.net [mailto:cisco-nas-bounces at puck.nether.net] On Behalf Of CONTRERAS Sébastien
  Sent: Thursday, July 08, 2004 2:54 PM
  To: cisco-nas at puck.nether.net
  Subject: [cisco-nas] Vlan assignment with Cisco 2950 & IAS: What is the correct format for the radius attributs ?

   

  Hi all, 

  I'm trying to do VLAN assignment with a Cisco 2950 (as NAS) and Microsoft IAS (As RADIUS server).

   

  I know that the attributes I have to send to the 2950 are :

  Tunnel-Type (64) with value equal to    VLAN    (type 13)

  Tunnel-Medium-Type (65) with value equal to    802    (type 6)

  Tunnel-Private-Group-ID (81) with value equal to the name (or ID) of the VLAN to which I want to assign the user

   

  I tried several formats (t:Tunnel-Type=VLAN, 64=VLAN, 64=13 ....) and several ways (using Cisco-av-pairs, Vendor-Specific attributes, predefined attributes..) for configuring these attributs in IAS but each time, the switch says "RADIUS: EAP-login: radius didn't send any vlan" ( I have actived "debug radius").

   

  1/

  What is the exact format (in hexadecimal I think..) the switch need to receive ? (normally ID - Length - Value, which give in hexadecimal for attribut Tunnel-Type : 64 6 0000000D)

  Thanks to the "debug RADIUS" command, I can see that the switch receive this value (64 6 000000D) when I use the predefined attributs in IAS.

   

  2/

  I read that a common tag value must be set in all of the three attributes for identifying "the grouped relationship".

  I searched for adding this tag in the attributes but I can only put one value in my attributs.

  What is the trick ?

   

  3/

  If someone know the correct way to configure these attributs in IAS, It will be great !

   

   

   

  802.1x works with no problem.

  It's only the VLAN assignment that fail.

   

  Any help appreciated.

   

  Thanks

   

   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-nas/attachments/20040709/6eed7ffb/attachment-0001.html

More information about the cisco-nas mailing list